Upstream released version 101.0.4951.64 on May 10th: https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html This update includes 13 security fixes This new version builds locally without any issue. Update will be submitted today for Cauldron. I'll push it for MGA8 shortly after. Advisory proposal will follow after the builds will be successful.
CC: (none) => davidwhodgins
Hi Cauldron is up-to-date and MGA8 build is now submitted. I will keep you posted when ready for QA. ADVISORY NOTICE PROPOSAL ======================== Updated chromium-browser-stable packages fix bugs and security Vulnerabilities Description The chromium-browser-stable package has been updated to the 101.0.4951.64 version, fixing many bugs and 13 CVE. Some of them are listed below: [1316990] High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18 [1314908] High CVE-2022-1634: Use after free in Browser UI. Reported by Khalil Zhani on 2022-04-09 [1319797] High CVE-2022-1635: Use after free in Permission Prompts. Reported by Anonymous on 2022-04-26 [1297283] High CVE-2022-1636: Use after free in Performance APIs. Reported by Seth Brenith, Microsoft on 2022-02-15 [1311820] High CVE-2022-1637: Inappropriate implementation in Web Contents. Reported by Alesandro Ortiz on 2022-03-31 [1316946] High CVE-2022-1638: Heap buffer overflow in V8 Internationalization. Reported by DoHyun Lee (@l33d0hyun) of DNSLab, Korea University on 2022-04-17 [1317650] High CVE-2022-1639: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-19 [1320592] High CVE-2022-1640: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-28 [1305068] Medium CVE-2022-1641: Use after free in Web UI Diagnostics. Reported by Rong Jian of VRI on 2022-03-10 [1323855] Various fixes from internal audits, fuzzing and other initiatives References https://bugs.mageia.org/show_bug.cgi?id=30411 https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html SRPMS 8/core chromium-browser-stable-101.0.4951.64-1.mga8 PROVIDED PACKAGES ================= x86_64 chromium-browser-101.0.4951.64-1.mga8.x86_64.rpm chromium-browser-stable-101.0.4951.64-1.mga8.x86_64.rpm i586 chromium-browser-101.0.4951.64-1.mga8.i586.rpm chromium-browser-stable-101.0.4951.64-1.mga8.i586.rpm
Hi. Ready for QA in Testing.
Assignee: chb0 => qa-bugsCC: (none) => sysadmin-bugs
Ok in English on x86_64, and i586 under vb. Will wait for a few more testers as the bugs are High, not Critical.
Works fine for me too on Mageia 8 x86_64.
OK from me too. mga8-64 nvidia-current plasma swedish settings, stored tabs, videos, logins...
CC: (none) => fri
Advisory committed to svn. Validating the update.
Whiteboard: (none) => MGA8-64-OK MGA8-32-OKKeywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0188.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED